FTC Issues Warning After Marriott Data Breach

In late 2018, the Federal Trade Commission (FTC) issued a stark warning about a massive data breach at a Marriott chain that exposed the records of 500 million people.

The latest major corporate breach reinforces the need for companies to invest in multilayered security protocols that protect networks, devices and users.

What Happened at Marriott?

Marriott International reported that a breach of its Starwood guest reservation system exposed personal information on millions of people, Hackers gained access to highly sensitive data, including names, physical addresses, email addresses, phone numbers, gender, and loyalty program data. Among the most potentially damaging information taken were passport numbers, dates of birth and payment card numbers and expiration dates. While the payment card data was encrypted, the company did not know if the hackers had also stolen the technology needed to decrypt that information.

The breach began in 2014 and could affect anyone who made a reservation on or before September 10, 2018, at any of the Starwood brands, which comprise Le Meridien Hotels and Resorts, Sheraton Hotels and Resorts, St. Regis, W Hotels and Westin Hotels and Resorts.

How Did Marriott and the FTC Respond?

Marriott sent an email to warn those who may have been affected by the breach. However, the company ran into some criticism in its response, too.

The emails came from a third party and not the chain itself. The domain, email-marriott.com, doesn’t load or have an HTTPS identifying the certificate. That could lead other hackers to spoof the email and pretend they’re Marriott, duping consumers out of more personal information.

The company has offered a year’s worth of free internet site monitoring that generates an alert if evidence of a consumer’s personal information is found. However, the service is not available in all countries. U.S. consumers also can obtain free fraud consulting and reimbursement coverage.

The FTC encouraged consumers to check their credit reports and credit card statements for accounts or activity that’s not recognized. The agency also suggested placing a fraud alert or freeze on their credit reports.

What Can Companies Do To Prevent These Issues?

To ensure that your systems and networks are protected adequately from such intrusions, it’s wise to invest in a comprehensive assessment of your existing security defenses. An experienced IT services provider can assist with this assessment and recommend improvements to shore up areas that are lacking.

Today’s companies need a blanket of protections on several levels, including:

Network Perimeters. Advanced firewalls block your network’s perimeter and issue alerts when suspicious activity is detected. With 24/7 automated monitoring in place, companies can be confident that unusual behavior is identified, contained and addressed before significant harm can be done.

Devices.Every device on your network needs to be protected with advanced anti-virus, anti-spam and anti-phishing detection systems. These applications should run continuously in the background and be updated automatically to address emergent threats. By quarantining suspicious emails, these tools help prevent users from unwittingly providing access to bad actors.

Authentication. Companies are increasingly using multi-factor authentication protocols to safeguard access. Multi-factor authentication, for example, may involve completing additional steps after entering a password, such as typing in a code texted to a registered mobile device or clicking on an email link. While these protections may be a minor annoyance to some users, if a device is stolen or lost, the procedures can keep access protected.

Cloud Backups. Storing data and applications in the cloud helps keep your critical information protected. Cloud providers and managed IT services companies use both digital and physical safeguards to make sure that data is encrypted and accessible in a moment of need.

Business Continuity. When a natural disaster or hack occurs, your operations can be offline for days or weeks unless you’ve planned ahead. Business continuity planning allows your company to develop the protocols and procedures that will be deployed during and after a disaster. This planning involves identifying the people and responsibilities to manage these events, developing risk assessments, testing the responses and making adjustments as necessary.

This broad approach to security helps minimize the likelihood of a Marriott-level incident damaging your company’s business and reputation.

Lance Skipper

Matthew Morman

Always at your service to provide the highest level of quality support to our customers.

Anthony Firth Client Engineer

“I’m passionate about building and fostering relationships, and finding solutions for success.”

Michael Koenig Client Account Manager

“Enabling IT to become an effective and valuable partner by delivering premier customer service and quality IT solutions achieving business goals.”

Jake Parrott Business Development Manager

“Serving the client through IT solutions is my passion. A happy client is a happy me.”

Jason RichardsonClient Engineer

“Striving to provide friendly and quality service to our customers”

Ted Rorabaugh Client Engineer

“I help clients stabilize and grow their IT infrastructure so they can focus on growing their core business.”

Josh Wilshire Systems Engineer Team Lead

“Providing courteous, quality IT service for our customers.”

Rich Yoest Rapid Response Team Supervisor

“Striving to be your trusted adviser and IT teammate in accomplishing all your business goals”

Brandan Bishop Client Account Manager

“I strive to provide the highest level of quality service to our customers.”

Tommy Williams Sr. Hardware Engineer

“I’m driven by the steadfast belief that technology must serve as a business enabler. This mantra has driven 21
Years of successful partnerships.”

Stephen Riddick VP Sales & Marketing

“CSP doesn’t succeed unless your company succeeds.”

Stephen Allen Inventory Manager

“Through my intuition and genuine concern to help others I have built long-lasting relationships with our customers, co-workers and business partners.”

Scott Forbes VP Support Services

“Every day, I work with clients to help plan the future of their businesses.”

Michael Bowman vCIO

“Your IT problems become our IT solutions.”

Mark McLemore Project Engineer

“Managing internal and external operations to ensure that CSP provides quality and reliable customer service .”

Margie Figueroa Business Manager

“Helping customers get the most out of their IT Infrastructure.”

Marc Gillet Project Engineer

“Providing quality internal and externals financial support to our customers and accounting support to CSP.”

Katie Steiglitz Accounting Administrator

“Your satisfaction is our #1 priority.”

Heather Moore Project Manager

“Some call me the CEO. I call myself the Cheerleader for an awesome team!”